aurweb/rspamd: append .vault to vaulted secrets

This avoids triggering a GitLab push rule which rejects files that look
like secrets.

docs/email.md

@@ -62,8 +62,8 @@ rspamadm dkim_keygen -s dkim-rsa -b 4096 -d archlinux.org -t rsa -k archlinux.or
 the ouput gives you the DNS entries to add to the terraform files.
 The keys generated need to go to the vault:
 ```
-roles/rspamd/files/archlinux.org.dkim-rsa.key
-roles/rspamd/files/archlinux.org.dkim-ed25519.key
+roles/rspamd/files/archlinux.org.dkim-rsa.key.vault
+roles/rspamd/files/archlinux.org.dkim-ed25519.key.vault
 ```
 
 # Gitlab servicedesk

roles/aurweb/tasks/main.yml

@@ -33,7 +33,7 @@
   file: path={{ aur_user.home }}/.ssh state=directory owner={{ aur_user.name }} group={{ aur_user.name }} mode=0700
 
 - name: Install SSH key for mirroring to GitHub
-  copy: src=id_ed25519 dest={{ aur_user.home }}/.ssh/ owner={{ aur_user.name }} group={{ aur_user.name }} mode=0600
+  copy: src=id_ed25519.vault dest={{ aur_user.home }}/.ssh/id_ed25519 owner={{ aur_user.name }} group={{ aur_user.name }} mode=0600
 
 - name: Fetch host keys for github.com
   command: ssh-keyscan github.com

roles/rspamd/tasks/main.yml

@@ -22,11 +22,11 @@
 #
 # the ouput gives you the DNS entries to add to the terraform files.
 # The keys generated need to go to the vault:
-# roles/rspamd/files/archlinux.org.dkim-rsa.key
-# roles/rspamd/files/archlinux.org.dkim-ed25519.key
+# roles/rspamd/files/archlinux.org.dkim-rsa.key.vault
+# roles/rspamd/files/archlinux.org.dkim-ed25519.key.vault
 #
 - name: Install DKIM keys
-  copy: src={{ item }} dest=/var/lib/rspamd/dkim/ owner=rspamd group=rspamd mode=0600
+  copy: src={{ item }}.vault dest=/var/lib/rspamd/dkim/{{ item }} owner=rspamd group=rspamd mode=0600
   loop:
     - "{{ rspamd_dkim_domain }}.dkim-ed25519.key"
     - "{{ rspamd_dkim_domain }}.dkim-rsa.key"